PatchSiren cyber security CVE debrief

CVE-2026-52959 Linux CVE debrief

CVE-2026-52959 is a HIGH severity vulnerability in the Linux kernel, with a CVSS score of 7.8. The issue is in the virt: sev-guest component, where a buffer size controlled by the host is used during cleanup, potentially leading to page allocator corruption. The vulnerability was both introduced and fixed in the Linux kernel itself. The CVE was published on 2026-06-24T17:17:06.157Z and last modified on 2026-06-28T08:16:26.690Z.

Vendor: Linux
Product: Unknown
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-24
Original CVE updated: 2026-06-28
Advisory published: 2026-06-24
Advisory updated: 2026-06-28

Who should care

Linux kernel maintainers, Linux distribution vendors, and users of Linux-based systems should be aware of this vulnerability. The attack vector is local: exploitation requires an attacker who already has low-privileged local access. Users of Linux systems should update their kernels to the latest version to mitigate this vulnerability.

Technical summary

The vulnerability exists in the virt: sev-guest component of the Linux kernel. When an extended guest request is issued, the guest allocates a buffer to receive a certificate blob from the host. The host, however, may return an invalid buffer size, and that host-controlled size was used to compute the page order when freeing the buffer, potentially corrupting the page allocator. The fix allocates with alloc_pages_exact() and reuses @npages, the guest's own page count, to compute the size passed to free_pages_exact().
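As an added illustration (not the kernel's code; every name below is constructed), this userspace C model contrasts the cleanup pattern the summary describes before and after the fix: the model allocator records which pages a buffer owns, so a free whose size comes from the host-returned page count is flagged as inconsistent, while reusing the guest's own @npages is not.

```c
/* Constructed userspace model, not kernel code: a tiny page allocator that
 * records page ownership, so an over-free from a host-derived size is caught. */
#include <stdbool.h>
#include <string.h>
#define MODEL_PAGE_SIZE 4096u
#define MODEL_NPAGES    64u
#define PAGES_FOR(sz)   (((sz) + MODEL_PAGE_SIZE - 1) / MODEL_PAGE_SIZE)

static bool page_in_use[MODEL_NPAGES];   /* stands in for the page allocator */
/* Model of alloc_pages_exact(): first-fit, returns first page index or -1. */
static int model_alloc_pages_exact(size_t size) {
    size_t n = PAGES_FOR(size);
    for (size_t i = 0; i + n <= MODEL_NPAGES; i++) {
        size_t j = i;
        while (j < i + n && !page_in_use[j]) j++;       /* scan the run */
        if (j == i + n) { memset(&page_in_use[i], 1, n); return (int)i; }
    }
    return -1;
}

/* Model of free_pages_exact(): false if a page was not owned by the caller,
 * which is where the real allocator would be corrupted. */
static bool model_free_pages_exact(int first, size_t size) {
    size_t n = PAGES_FOR(size);
    bool clean = true;
    for (size_t j = (size_t)first; j < (size_t)first + n; j++) {
        if (j >= MODEL_NPAGES || !page_in_use[j]) clean = false;
        else page_in_use[j] = false;
    }
    return clean;
}

/* Before the fix: free size derived from the host-returned page count. */
static bool cleanup_before_fix(int first, unsigned int host_npages) {
    return model_free_pages_exact(first, (size_t)host_npages * MODEL_PAGE_SIZE);
}
/* After the fix: the guest's own @npages determines the free size. */
static bool cleanup_after_fix(int first, unsigned int npages) {
    return model_free_pages_exact(first, (size_t)npages * MODEL_PAGE_SIZE);
}

/* One extended request: allocate npages, the host reports host_npages, then
 * clean up. Returns true if the model allocator is still consistent. */
bool ext_request_consistent(unsigned int npages, unsigned int host_npages, bool fixed) {
    memset(page_in_use, 0, sizeof page_in_use);
    int first = model_alloc_pages_exact((size_t)npages * MODEL_PAGE_SIZE);
    if (first < 0) return false;
    return fixed ? cleanup_after_fix(first, npages) : cleanup_before_fix(first, host_npages);
}
```

A host value smaller than @npages merely leaks pages in the pre-fix model; only a larger value releases pages the guest never owned.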

Defensive priority

This vulnerability has a HIGH CVSS score and is locally exploitable, making it a priority for Linux kernel maintainers and users to apply the fix. Updating to the latest kernel version is recommended.

Recommended defensive actions

  • Update Linux kernel to the latest version
  • Review and apply kernel patches
  • Monitor system logs for suspicious activity
  • Inventory Linux systems to identify those exposed to this vulnerability
  • Implement compensating controls for local privilege escalation

Evidence notes

The CVE record and NVD detail provide official information on the vulnerability. The Linux kernel repository contains the fix for the issue. The vulnerability's impact is limited to local attacks, and no public exploits are known.

This article is AI-assisted and based on the supplied source corpus.